Home » Cybersecurity, when the best defense is attack

Cybersecurity, when the best defense is attack

by admin
Cybersecurity, when the best defense is attack

They kept an eye on the bank’s entrances for weeks, noted the schedules, filmed the employees, studied the façade, prepared a floor plan of the premises. Then they saw a Facebook post about the surveillance cameras in use and studied the model. Downloading the manuals from the Internet they discovered that the camera sent an alarm to the surveillance via SMS over 2G network, and therefore they created a fake phone cell to hook into the system and redirect messages to their phones: at that point they entered.

This is how this story of the intrusion into a Lombard bank through the tampering of video cameras began. Luckily they were defenders, not thieves. Or rather, of experts who behave like thieves but who in reality are the 007 of security.

To counter an increasingly aggressive approach by cybercriminals and face increasingly sophisticated attacks, the Italian company Innovery has created a division specialized in Offensive Security to test the perimeter and application defenses of companies, both from the point of view of IT and physical security. And he told us this story.

Cybersecurity

For Google, an Italian company distributes spy software on iOS and Android devices

by Arturo Di Corinto


Innovery’s team of raiders – professionals working in the field of computer programming and engineering, electronics and the like – has in fact the task of identifying the vulnerabilities of companies, including “zero days”, that is, previously unknown flaws in software security. .

They act according to the logic ofethical hacking“Pierce” the information systems of banks, institutions and private organizations, check software flaws, create special malware and test everything that can compromise the perimeter security of the “target”, namely alarms, motion detectors, locks, sensors, cameras, and all physical and computer barriers designed to keep data, machines and valuables safe.

The real “fake Klitschko” undermines processes and digital identity

See also  The national football warm-up match maintains a full victory, Wei Shihao leads the 3 generals or misses the squad

by Andrea Monti


The multinational company, born in Naples, is one of the few Italian companies specialized in “corporate infiltration”. His Red Team takes the field with real corporate espionage activities, starting from the recognition of the perimeter and the shadowing of employees up to the intrusion through cloning of badges and tampering with video cameras and armored doors to highlight the gaps and vulnerabilities of companies: the ultimate goal can be a control room, a vault or a dedicated server.

Smartworking and new vulnerabilities: how to protect companies


(Ethical) thieves by contract

Everything these experts do they do on the basis of a contract written between the client, i.e. the legal manager of the company or body requesting the services, and their lawyers, a contract to which a non-disclosure clause of the activities carried out and requires the utmost attention not to damage the privacy of anyone.

This is how they have infiltrated several times to the offices of a CEO or inside the vault of a bank, just to demonstrate how it is possible to steal information or valuable assets. As they tell Innovery, “it’s an Ocean’s Eleven story,” the serial film where the team of George Clooney and Brad Pitt sneak into a casino vault in a daring way. The paraphernalia used is the one that is also seen in the James Bond saga and that surround all the spy films; glasses with cameras, USB sticks in the heel of shoes, cell phones that detect bedbugs.

Intelligence, information gathering comes first. Innovery experts first carry out a passive analysis with Osint methods (Open Source intelligence) by exploiting the feeds (content from various sources) that come from clear web and they use specialized personnel who infiltrate groups closed by hackers who plan cyber attacks.

But it’s not all digital “We print the floor plans from Google maps – says Antonio Fiorito of Innovery, the hound at the head of a dedicated team of 20 people – then a second analysis step, going in front of the building or the customer room, we record entry and exit times of the workplace, and so we understand where the cameras and security and concierge services are. I remember once we arrived with a staircase in front of the bank entrance to access the second floor, no one told us anything and we went inside ”.

See also  Covid, from hospitalizations to vaccines: the data and the situation of children and young people

The experts, all highly specialized personnel but not necessarily with a degree, after the first access study the security systems, the motion detectors, the volumetric ones, the cameras.

Sometimes they leave items like key rings and USB sticks around (remember Mr. Robot?), Or environmental spies to collect other information items, even tablets and phones to see if someone is naive enough to pick them up and use them. One of the boldest operations is to leave the lan turtle (an object that, connected to the network, can be connected to a VPN or propagate a Wi-Fi signal) to monitor all the victim’s internet traffic.

A long planning

The planning of the activities requires from 15 days of inspections to 4 masses of activities, they tell us: “Once we have physical access to the structure then we have to understand how to get to the target, the vault, and then understand how to bypass sensors and locks”. When the intrusion is physical they use glasses equipped with cameras that collect post-its, written on the billboards, sometimes it is enough to talk to a person who allows them to obtain valuable information.

But it’s not as easy as it sounds to say. Generally these are alarm systems separated from each other and therefore a first goal can be bypassing physical structures, the second is to bypass all the signals on the GSM network and finally intervene on the software. “Small interruptions do not raise alarm. We use specific software to take remote control of the surveillance tools (the RCEs) and to finally launch a 0-day “.

See also  Pakistani loses his head, injures some nurses and causes damage in the ward

In short, it’s not something anyone can do. “In the end we make videos of everything and the impact on the customer is huge. The goal is to detect possible gaps in the customer’s physical and digital defense, and raise awareness of the importance of security “.

How offensive security works according to innovery

The phases of Innovery’s work are divided into:

  • Passive reconnaissance – gathering information about the target’s environment.
  • Cyber ​​Threat Intelligence – taking advantage of freely available information about the target as well as its people and the specificities of the environment.
  • Active reconnaissance – obtaining information through phone calls, emails by directly interrogating target staff or suppliers.
  • Covert observation – stalking, drones and hidden photographs help identify physical security checks and monitor personnel as they come and go.
  • Attack planning – using what has been learned about vulnerabilities, escape and entry points, cameras, guards, fences, business technology, staff members, and more.
  • Pretexting – testing of test equipment, transport and personnel to make sure everything is ready for launch.
  • Infiltration, Exploitation – carrying out the planned attack.
  • Post-Exploitation – penetration of the environment to maintain a persistent backdoor.

“I love my job, Fiorito tells us. It is done for passion. We want to give concrete help to understand the right safety posture. We also do it for VIPs, not just for their companies. We work in all areas, finance, insurance, energy, academia and in the Public Administration. But we could also do it for a famous actor or a footballer ”.

It seems obvious that each customer has a separate contract that defines how far the raiders can be pushed, guaranteeing respect for the privacy and reputation of the subjects involved, but it is good to reiterate this to avoid reckless emulations.

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy